The curricula of business schools are filled with case studies of companies that took shortcuts to become competitive and accomplished the exact opposite. For the information security world, there is a similar “penny-wise, pound-foolish” behavior in the notorious “Checkbox Assessment.” These are security or compliance assessments that have little basis in reality and are […]
Windows GUI for Nmap – WinMap
A powerful new GUI for Nmap – WinMap
The Needs of the Many: Becoming a Servant Security Leader
“The needs of the many outweigh the needs of the few, or the one.” This was Spock’s pragmatic wisdom from Star Trek II: The Wrath of Khan, which was an inspirational movie for me when I was 12. Now, 30 years later, it is still a good quote for security leaders to ponder.
Intrusion Prevention Endgame
All good things must come to an end. In the late 90’s I was fortunate to be involved with the development of one of the first intrusion prevention systems (BlackICE). It was a defining job for me since I learned so much working with the NetworkICE people, notably Robert Graham, Clinton Lum, and the late […]
UTM v NGFW: A Single Shade of Gray
What is the difference between Unified Threat Management (UTM) and Next Generation Firewalls (NGFW)? Anitian explored these two technologies and found they are much more similar than some people want you to believe.
Repost: Black Hat Hype Hurts the Risk Management Process
While Black Hat has been notably quieter and less frothy this year, this article (published in 2010) still rings true. Hype damages people's ability to perform sound, rational, risk-based analysis of security issues.
Packet Goes Where? The Value of Firewall Naming Conventions
A zillion or so years ago, humans developed writing. This was a big deal for civilization. People could document things like how to get rid of lice, defend castles from Huns and which berries are toxic. Civilization would have quickly succumbed to lice, toxic berries and Huns were it not for the foresight of learned […]
Cultural Zero-Day: How Poor Leadership Begets Security Weakness
In the ten years Anitian has been working incident response and digital forensic cases, our analysts have observed many ingenious ways to break into systems and applications. However, they rarely encounter an ingenious root cause for the vulnerabilities. After all the analysis and disk imaging is complete, the root cause is almost always the same: […]
PCI: I Find Your Lack of Scope Disturbing
I find your lack of a scope of compliance disturbing.
The Cult of Palo Alto Networks
What is it about Palo Alto Networks? They seem more like a cult than a firewall manufacturer.